GitHub Organizations

Spinnaker supports OAuth 2.0 for authentication with GitHub organizations.

Get Client ID and Secret

Consult the GitHub OAuth 2.0 documentation and register a new OAuth 2.0 application to obtain a client ID and client secret.

Configure Halyard

You may configure Halyard either with the CLI or by manually editing the hal config.

Hal config

  1. security:
  2. authn:
  3. oauth2:
  4. enabled: true
  5. client:
  6. clientId: # client ID from above
  7. clientSecret: # client secret from above
  8. accessTokenUri: https://github.com/login/oauth/access_token
  9. userAuthorizationUri: https://github.com/login/oauth/authorize
  10. scope: user:email
  11. resource:
  12. userInfoUri: https://api.github.com/user
  13. # You almost certainly want to restrict access to your Spinnaker by adding
  14. # userInfoRequirements; otherwise any user with a GitHub account will be
  15. # able to access it.
  16. userInfoRequirements: {}
  17. userInfoMapping:
  18. email: email
  19. firstName: ''
  20. lastName: name
  21. username: login
  22. provider: GITHUB

CLI

  1. hal config security authn oauth2 edit --provider github \
  2. --client-id (client ID from above) \
  3. --client-secret (client secret from above)
  4. hal config security authn oauth2 enable

Last modified October 16, 2020: rest of commits (b97d8a1)